FIRST OF ITS KIND

Capsule Safe

The vault even we can't open.

Full local encryption. Zero keys on server. Zero metadata. Zero recovery path. Our server in Israel (GCP me-west1) stores only ciphertext — even Google can't read it. This isn't policy. This is architecture.

AES-256-GCMPBKDF2 600KHMAC-SHA256Israel ServerZero-Knowledge

FOR THOSE WITH THE MOST SENSITIVE DATA

Not everyone needs this vault. Those who do — have no alternative.

⚖️Lawyers

Attorney-client privilege. Investigation files, contracts, plea deals. Leaked docs = case collapse.

🏥Doctors & Therapists

Patient Rights Law. Medical records, test results, treatment summaries. Protecting the most private.

💰CPAs & Tax Advisors

Financial reports, payslips, capital declarations. Amendment 13 mandates PII protection in transit.

🔐Startups & DevOps

API keys, server passwords, seed phrases, cloud credentials. One leaked secret = breach.

🏦Banks & Insurance

BOI Directive 364. Financial data, loans, claims. Regulation demands encryption.

🪙Crypto & Web3

Seed phrases, private keys, wallets. No "forgot password". The only vault that fits.

Amendment 13 + Israeli Server + Zero-Knowledge

Amendment 13 to the Privacy Protection Law (August 2025) requires every organization holding PII to protect it with encryption, report breaches within 72 hours, and appoint a DPO. Capsule Safe doesn't just comply — it makes the requirements irrelevant.

🇮🇱

Server in Israel

GCP me-west1 (Tel Aviv). Data never leaves Israel. Full data sovereignty.

🔒

Even Google is blind

Encryption happens on your device before upload. Google stores ciphertext only. They have no key.

📋

Regulatory compliance

Amendment 13, GDPR, attorney-client privilege, Patient Rights Law, Directive 364. No data = no breach = no fine.

In most vaults, protection is policy — "we won't read your data". In Capsule Safe, protection is architecture — we can't read it even if we wanted to. Not even with a court order.

How Capsule Safe Works

👤

STEP 1

Choose nickname + PIN

🔑

STEP 2

Get 12 words

📝

STEP 3

Enter data

🔐

STEP 4

Local encryption

☁️

STEP 5

Blind server stores

[Your Device]
  ├── Seed Phrase (12 words) → PBKDF2 (600,000 iterations) → Master Key
  ├── Entry: { label, user, pass, url, notes, files }
  │     └── AES-256-GCM encrypt (locally, before upload)
  │           └── Encrypted Blob (only this leaves your device)
  │
  └── Upload to Capsule Safe Server (GCP me-west1, Israel)
        │
        Server stores:  { encrypted_blob, iv, hash }
        Server CANNOT:  decrypt, read, index, search
        Server KNOWS:   nothing about you
        Google KNOWS:   nothing (ciphertext only)
        Court order:    nothing to hand over
        Breach:         worthless ciphertext

Why This Vault is First of Its Kind

The technologies exist. The combination — doesn't.

Capability	1Password	Tresorit	Capsule Safe
Full local encryption	✅	✅	✅
Zero account / email	❌	❌	✅
Zero metadata on server	❌	🟡	✅
Israeli server	❌	❌	✅
HMAC proof chain	❌	❌	✅
Burn after read	❌	❌	✅
TTL — auto-delete	❌	❌	✅
Built-in SOC 2 evidence	❌	❌	✅
Seed phrase (12 words)	❌	❌	✅
BYOS — your server	❌	🟡	✅

Pricing

Ephemeral messages — free. Permanent vault — paid. Your secrets are worth more than a subscription.

Free

Forever

+Encrypted burn links

+TTL messages (5min – 72hr)

+Ephemeral encryption — no storage

+No permanent vault

14-Day Trial

14 days

+Full vault — 100MB

+100 encrypted entries

+Sync to 1 device

+After 14 days: read-only 30 days

Business

$29

/ mo

+1,000 encrypted entries

+10GB encrypted storage

+Sync across 5 devices

+HMAC proof chain

+Built-in audit trail

Enterprise

Contact

+Unlimited everything

+BYOS — your server

+Shared vault for teams

+SOC 2 + GDPR ready

+Docker self-hosted

After trial: 30-day grace period (read-only). After 60 days — vault deleted. Consistent with our philosophy: data doesn't persist without intent.

START HERE — NO EMAIL, NO PASSWORD

Choose Nickname + PIN Code

Your Capsule Safe identity is anonymous. Nickname + 4 digits. No name, no email, no phone. Your PIN = your access.

NICKNAME

PIN CODE (4 DIGITS)

No signup. No email. Your nickname and PIN are all you need. Cannot be recovered — keep them safe.

Nobody can get in.

🏢

NoData

❌

Cannot read

☁️

Google

❌

Cannot read

💀

Hackers

❌

Cannot read

⚖️

Court

❌

Cannot read

No keys on server. No backdoor. No recovery mechanism. Keys are created on your device and stay there. AES-256-GCM + PBKDF2 with 600,000 iterations = billions of years to crack.

Ready to lock up the secrets?

No signup. No email. Nickname + PIN + 12 words — and your vault is live.

First of its kind. Israeli server. Zero access. Even for us.

nodatacapsule.com · david@nodatacapsule.com